Skip to content

Hide Navigation Hide TOC

Powershell Exfiltration Over SMTP (9a7afa56-4762-43eb-807d-c3dc9ffe211b)

Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.

Cluster A Galaxy A Cluster B Galaxy B Level
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Powershell Exfiltration Over SMTP (9a7afa56-4762-43eb-807d-c3dc9ffe211b) Sigma-Rules 1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2